The code is suitable for XSS attack vector. So I tried to close string 'name' with adding single quote to parameter and inject own javascript code in page but at server side, single quotes are replaced with empty string. They think this work can stop XSS attack but there are alternative ways to closing the string.

at line document.cookie = 'name\' + "=" + 'value'; the string closed by starting single quote of second string. Now value of value parameter is parsed as code -not data. So I try to inject payload in value parameter like /?key=name\&value=;alert(1);//

There is still a problem. An error occur at if ('name\' != '') { because of unclosed string and interpreter doesn’t execute alert(1). So I try to use alternative way to pass error. The new payload use </script><script> and like this /?key=name%0a</script><script>alert(1);</script>&value=value but the request is blocked by WAF. Add newline is bypass WAF in a simple way. /?key=name%0a</script><script>alert(1);%0a</script>&value=value. Unfortunately, Google Chrome XSS Auditor detects and blocks last payload. Now the second parameter comes in. I split payload in two parameters and generate final payload that is working. /?key=name%0a</script></script>alert(&value=%2bdocument.cookie);%0a</script>

alert(document.cookie)

Note: you can find a simple server code that simulate this challenge here

Note: I have seen Google Chrome XSS auditor bypass with two parameters many years ago that is used multiline comment /* */ and was patched but you can see it’s work with some changes (using <script>)